jameswonderguy
Mar 17, 2023, Copper Contributor
TLS inspection using self-signed certificate not working
Hi,
On a fairly new Azure Firewall Premium setup with network, application, and NAT rules, TLS inspection has been enabled using a self-signed certificate. The below document was followed for implementation.
The CER certificate has been installed on a test system behind the Azure firewall but the interception does not work.
Any pointers?
Thanks
James
2 Replies
Any logs and errors for the issue to further explain the case?
- jameswonderguy (Copper Contributor), replying to Kidd_Ip
The interception now works. It started working all of a sudden after many days of having installed the .CER certificate on the test system; very strange.
Now, it works as expected (verified on user PC's browser - common name shows Azure Firewall Manager CA). However, the firewall application logs do not show if TLS inspection took place on the user PC. Is there a specific query to be written in order for the firewall to show that? Else, it is impractical to verify the same.
Thanks